Arbitrary Code Execution
The Login Activity com.insecureshop.LoginActivity contains the following code. As per the code, the Android application obtains all the package names from the Android device and creates a package context for each package name. If there is any app whose package name begins with com.insecureshopapp, the app tries to find com.insecureshopapp.MainInterface and call its getInstance method.
An attacker can create their own app with a package name that begins with the right prefix, create the specified class with this method, and include in that method code that will then be executed in the context of the victim app.
Exploiting this may be tricky and is not really straightforward. Read the code in LoginActivity carefully and identify the point at which the code execution takes place.
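
A hardened form of the lookup described above, as an added example that is not InsecureShop's own code: it matches the package name exactly instead of by prefix and requires the other package to carry the same signing certificate before any of its code is loaded. The TrustedPluginLoader name and the static getInstance(Context) signature are assumptions made for illustration.

```kotlin
import android.content.Context
import android.content.pm.PackageManager
import android.util.Log

// Hypothetical helper (not part of InsecureShop): loads the companion class
// only from a package this app can actually trust.
object TrustedPluginLoader {
    private const val TAG = "TrustedPluginLoader"

    // Exact names, compared as a whole. A startsWith() test on the package
    // name also accepts any package an unrelated developer chooses to
    // publish under the same prefix.
    private const val PLUGIN_PACKAGE = "com.insecureshopapp"
    private const val PLUGIN_CLASS = "com.insecureshopapp.MainInterface"

    fun load(context: Context): Any? {
        val pm = context.packageManager

        // A package name is only a claim; the signing certificate is the
        // identity. checkSignatures returns SIGNATURE_UNKNOWN_PACKAGE when the
        // package is absent and SIGNATURE_NO_MATCH when it is signed by
        // someone else, so both cases are rejected here.
        val verdict = pm.checkSignatures(context.packageName, PLUGIN_PACKAGE)
        if (verdict != PackageManager.SIGNATURE_MATCH) {
            Log.w(TAG, "Refusing to load $PLUGIN_PACKAGE (checkSignatures=$verdict)")
            return null
        }

        return try {
            // CONTEXT_IGNORE_SECURITY turns off the platform's own restriction
            // on loading foreign code, so the signature check above is the
            // only gate and must run before this call.
            val pluginContext = context.createPackageContext(
                PLUGIN_PACKAGE,
                Context.CONTEXT_INCLUDE_CODE or Context.CONTEXT_IGNORE_SECURITY
            )
            // Assumption: getInstance is static and takes a Context.
            pluginContext.classLoader
                .loadClass(PLUGIN_CLASS)
                .getMethod("getInstance", Context::class.java)
                .invoke(null, context)
        } catch (e: PackageManager.NameNotFoundException) {
            Log.w(TAG, "Package disappeared before it could be loaded", e)
            null
        } catch (e: ReflectiveOperationException) {
            Log.w(TAG, "Class or method missing in $PLUGIN_PACKAGE", e)
            null
        }
    }
}
```

If the app has no need to run code from another package at all, removing the lookup entirely is the stronger fix.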